Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Databases Security

Database Error Exposes Sensitive Information On 1,700 Kids (csoonline.com) 62

itwbennett writes: Researcher Chris Vickery discovered that the Arlington, Virginia based child monitoring service uKnowKids.com had a misconfigured MongoDB installation that left sensitive details on over 1,700 children exposed for months. UKnowKids helps parents monitor their child's activities online, by watching their mobile communications, social media activities, and their location. And so the database stored 6.8 million private text messages, 1.8 million images (many depicting children), Facebook, Twitter, and Instagram account details, in addition to the children's full names, email addresses, GPS coordinates, date of birth.
This discussion has been archived. No new comments can be posted.

Database Error Exposes Sensitive Information On 1,700 Kids

Comments Filter:
  • Would it really hurt so bad if private information was you know, kept on a private network? It's not like everything in the world needs to be internet-facing.

    • by Bengie ( 1121981 ) on Tuesday February 23, 2016 @08:12AM (#51566019)
      Seems they misconfigured their Mongo DB, MongoDB server's firewall, inter-vlan firewall, and edge firewall. When the entire system is misconfigured, you use the word "inept".
  • Stupidity... (Score:4, Insightful)

    by Longjmp ( 632577 ) on Tuesday February 23, 2016 @06:27AM (#51565643)
    Summary:
    Stupidity of helicopter parents backfires.
  • by Anonymous Coward

    About whom shall we think?

  • by Anonymous Coward

    mostly kids... they could use some press?

    • mostly kids... they could use some press?

      There's nothing wrong with putting a topic in perspective. Parent should not have been modded offtopic.

  • It's been those idiotic DBA and system administrator. It's too easy to blame software and hardware. There's always a person behind these cases!
  • Cool story bro, and nice SEO you got going on there. I can't stand people who post links to their own sites in this fashion. You could do it once or twice without causing a fuss, but acting like an organic RSS feed? No thanks.
  • what idiot would put their kid's info here?
  • Well, this is the result that you get after years of advertising whatever db engines to be easy to setup and configure - idiots will actually believe it after a while and will think they know what they are doing, start puting db-professional into their CVs, some other idiot hires them, and so on and so forth.

    And, well, I'm sorry, but I just can't submit without the compulsory "Won't somebody please think of the children!" :P
  • Comment removed based on user account deletion
  • There are so many organizations who get junior/intermediate developers who are told to build it fast, without a plan and without consideration of what they are storing. There are probably hundreds of companies who set up a system, make it big, and never do audits of their code, data or protection. Anyone storing sensitive data should be doing a periodic audit so the people "upstairs" know what is stored and how it is stored. It's not enough for it to "just work". It's not just the medical and psychology ind
    • by Tablizer ( 95088 )

      From an entrepreneurial perspective, you have to take risks to win. You have to grow fast and beat your competitors because the "first to market" tends to have a big advantage.

      This encourages taking shortcuts. I'm not sure how to prevent such security-related risks other than perhaps criminal prosecution or huge fines. However, that would drive up the expense of IT work (think insurance) and result in offshoring. USA regulators will have a hard time dictating the laws of Timbuktu web servers and products.

      I

      • by sjames ( 1099 )

        If you attach the risks to the company itself, they would have to move themselves to the 3rd world to duck the enforcement. Off-shoring wouldn't help them at all, it would just put their contractors out of reach if they want help paying the huge fines.

        • by Tablizer ( 95088 )

          I'm not sure what you mean. How about a scenario.

          The US gov't can't order say a Singapore company to put in a back door or hack their own product. Such restrictions on a US company would give Singapore companies an advantage because they can say they are outside of US govt's control.

          I suppose the US gov't can tell Singapore co's that they can't sell products in the US unless they have a back door and unlock it somehow on request. But that's harder to verify and enforce than with a US-based co.

          • by sjames ( 1099 )

            They could actually block the import unless they have an unlocker in hand.

            I'm not saying they should (I don't believe they should have a back door at all), just that they could.

            More appropriately, they could enforce a fine for careless handling of customer data by instructing Visa/MC to claw back any funds sent to them and allow no more charges.

  • I think that all of these services are, in some capacity, ran by pedophiles, and the clueless parents are simply facilitators. This wouldn't be anything out of the ordinary, in fact: parents often, unwittingly, facilitate abuse of their children by family members or "friends". If you really need to use a service like that, your family relationships are already broken and you should be seeking counseling, not monitoring.

  • This sounds like a job for Little Bobby Tables. Unprotected database? He can take care of it.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...